DRACOON Core Service

Version 4.12.0 (2019-06-18)

Security Issue Fixed an issue that enabled users to restore files without the necessary permissions in certain scenarios.

Security Issue Ensured that RADIUS shared secret cannot be logged.

Security Issue Restricted all APIs to return a maximum of 500 items.

New Feature Improved CORS filter configuration.

New Feature Deprecated POST /user/profileAttributes.

New Feature Deprecated "mediaServerEnabled" attribute in system-settings-config endpoints.

New Feature Extended configuration for S3 migration options.

New Feature Introduced client distinction for OAuth client.

New Feature Add device information to OAuth authorizations.

New Feature Added filtering and sorting options for OAuth authorizations endpoint.

New Feature Removed client authorization aggregation so authorized clients can be distinguished.

New Feature Added token revocation endpoint for OAuth authorizations.

New Feature Added device information to OAuth authorizations so that devices can be distinguished.

New Feature Comments can now be retrieved paged.

New Feature DRACOON is now shipped as Spring Boot application.

New Feature Introduced new role to prevent data room admins from listing users and groups.

Improvement Updated redirect URI for DRACOON for Outlook.

Improvement Improved handling of login password hashes.

Improvement Improved Swagger documentation for room configuration.

Improvement Introduced new API endpoint GET /users/{user_id}/userAttributes.

Improvement Introduced new API endpoint GET provisioning/customers/{customer_id}/customerAttributes.

Improvement Gender in DRACOON now deprecated.

Improvement Improved performance for large lists of items.

Improvement Renamed DRACOON Web Access to DRACOON Web App.

Improvement Improved OAuth grant type validation.

Improvement A user's phone number can now be reset by providing an empty String.

Improvement Ensured that OAuth Client ID cannot be configured with obscure characters.

Improvement Corrected trial day calculation for demo accounts.

Improvement Added normalization to URI/URL according to RFC3986.

Improvement Move operation with same parent as target (and with rename) is now allowed.

Improvement Copy and move operations allow additional resolution strategies.

Improvement Only one download notification is now sent for ranged requests on Download Shares.

Improvement Revised logging for chunked downloads.

Improvement Improved quality of fallback avatar.

Improvement Made all boolean attributes in request models optional.

Improvement POST /auth/login now accepts auth method "basic" (in addition to "sql")

Documentation Issue Extended documentation for download shares.

Documentation Issue Corrected documentation for avatar error handling.

Documentation Issue Added avatar size information to documentation.

Documentation Issue Corrected some typos in Swagger documentation.

Documentation Issue Corrected documentation for profile attributes.

Documentation Issue Corrected documentation for RADIUS configuration.

Documentation Issue Corrected documentation for settings API.

Documentation Issue Corrected API RADIUS configuration documentation.

Documentation Issue Corrected API documentation for settings.

Documentation Issue Corrected documentation of customer quota.

Documentation Issue Corrected API documentation of profile attributes.

Documentation Issue Corrected documentation of homeRoom configuration.

Documentation Issue Corrected documentation info in general configuration endpoint.

Documentation Issue Corrected documentation of search API.